Fake Android Apps Target South Korean Bank Customers

Security researchers at mobile software company Cheetah Mobile have identified a piece of Android malware that's designed to steal the personal and financial details of South Korean online banking customers.

According to the company, the malware is distributed on third party Android markets disguised as popular games or applications. Once it's installed on a smartphone, the threat starts searching for the mobile applications provided by South Korean financial institutions like Kookmin,Nong Hyup, Shinhan, Hana N, Woori, Busan and the Korean Federation of Community Credit Cooperatives.

When one of these apps is detected, the malware removes it and replaces it with a rogue version developed by the malware authors. The fake application first asks victims to provide the password to their security certificates, which are used for online banking services, e-commerce and government-related administrative purposes, Cheetah Mobile explained in a blog post.

After it harvests the personal and banking information included in the certificate, the malicious app instructs victims to provide their bank account number, passwords, and the security card number issued by the bank when an account is created. Finally, victims are presented with an error message informing them that there's no Internet connection, after which the malware removes all traces of itself from the infected device.

"With the information that they stole, the hackers can apply for a new certificate, which they then use to freely access the victim's bank account," Cheetah Mobile said.

In its blog post published on Wednesday, the company said it had identified over 3,000 infections in the last week. However, considering that there are around 30 million Android users in Korea, the company estimates that the infection rate is now over 100,000, Cheetah Mobile representatives told SecurityWeek.

Cheetah Mobile, which develops a mobile security application called CM Security, is a subsidiary of Kingsoft Corp. The company's initial public offering in May raised roughly $168 million for the firm.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.